The @eris post about the 15-year Cloudflare cert pushed me to try it. Why not, I thought? A 15-year cert is worth it.
So I got a cert from Cloudflare. Set it in the HestiaCP panel with no problem. Enabled Full strict, waited, and my site worked fine… Okay, I thought, but then I tried to log into the panel at cp.mydomain.com:2083 and it showed me:
Error 526 Ray ID: 5a26bbe6referfer3d7984ec • 2020-06-12 21:41:05 UTC
Invalid SSL certificate
Okay! Set just Full in cloudflare and the panel came back. To sum up
What do you think?
It’s not so critical cause I still have access to https://ipserver:2083 so I can control the panel from there. Just wanted to understand why it happened. Maybe some limitation with ports on subdomains from the CF side? Or it’s a bug…
Hello! I deleted all the certs from the domains and restarted the server. Went to Server-Configure-SSL but there was (and still is) a cert. I tried to delete it, but with no success.
Looked at /usr/local/hestia/data/users/mydomain/ssl there was nothing
Looked at /usr/local/hestia/data/users/admin/ssl there was nothing
But in server-configure-ssl there was still cert… Okay
Tried Full strict and it failed again. So I started to look for where it could be saved… found /usr/local/hestia/ssl/, found certs there and just deleted them, but it turned out that they were not CF certs… so now I have no access to the panel at all. Okay, I’ll reinstall Hestia in the morning, set the CF cert in Server-Configure from the start, and see how it works. Thanks
Hi @danonanon,
You didn’t have to delete the certificates in all places.
The certificate you set in Web section is for the website hostname.website.com but the certificate that you set in Server->Configure->SSL is for Hestia hostname.website.com:2083.
I think earlier you had a self-signed certificate for Hestia, which wouldn’t work with Cloudflare strict mode. You can see a description next to strict mode in Cloudflare which says “Encrypts end-to-end, but requires a trusted CA or Cloudflare Origin CA certificate on the server”.
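An added diagnostic, not part of the thread and not Hestia's or Cloudflare's own tooling: it reports which certificate the origin serves on each port (443 for the site, 2083 for the panel) and how Full strict would treat it. The IP 203.0.113.10 is a placeholder, and matching the issuer on the text "CloudFlare Origin" is an assumption about how the Origin CA names itself.

```shell
#!/usr/bin/env bash
# Added example. The site (443) and the Hestia panel (2083) serve separate
# certificates, so each port has to be checked on its own.

# classify_cert SUBJECT ISSUER -> prints one verdict word
classify_cert() {
  local subject=$1 issuer=$2
  if [ "$subject" = "$issuer" ]; then
    echo "self-signed"              # rejected by Full strict (Error 526)
  else
    case $issuer in
      # Assumption: Origin CA issuer names contain this text.
      *"CloudFlare Origin"*) echo "cloudflare-origin-ca" ;;  # accepted
      *) echo "other-ca" ;;         # accepted only if publicly trusted
    esac
  fi
}

# fetch_names ORIGIN_IP PORT SNI -> prints "subject=..." and "issuer=..."
# Connect to the origin IP directly: through the proxied hostname you
# would see Cloudflare's edge certificate, not the one on the server.
fetch_names() {
  openssl s_client -connect "$1:$2" -servername "$3" </dev/null 2>/dev/null |
    openssl x509 -noout -subject -issuer -nameopt RFC2253
}

# check_port ORIGIN_IP PORT SNI -> prints "PORT verdict"
check_port() {
  local names subject issuer
  names=$(fetch_names "$1" "$2" "$3") || { echo "$2 no-certificate"; return 1; }
  subject=$(printf '%s\n' "$names" | sed -n 's/^subject= *//p')
  issuer=$(printf '%s\n' "$names" | sed -n 's/^issuer= *//p')
  if [ -z "$subject" ]; then echo "$2 no-certificate"; return 1; fi
  echo "$2 $(classify_cert "$subject" "$issuer")"
}

# Usage (placeholder origin IP, hostname from the thread):
#   check_port 203.0.113.10 443  cp.mydomain.com
#   check_port 203.0.113.10 2083 cp.mydomain.com
```

The verdict covers only who issued the certificate; Full strict also requires that it is unexpired and matches the hostname.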
@rmjtechnologies yes, HestiaCP gives me its cert, but the way you say to change the cert from the HestiaCP panel isn’t right. It doesn’t allow you to change it, at least in the last version of HestiaCP. @eris your guide works! Thank you guys. Add it please to the documentation if possible.